forked from devops-workflow/terraform-aws-ecs-service
alb.tf-OLD
###
### ECS Service ALB
###
# Looks up the ACM certificate that the HTTPS listener presents.
# The lookup only runs when var.alb_enable_https is true.
data "aws_acm_certificate" "alb" {
  count = "${var.alb_enable_https ? 1 : 0}"

  # Match by domain name, considering only certificates in the ISSUED state.
  statuses = ["ISSUED"]
  domain   = "${var.acm_cert_domain}"

  # NOTE(review): most_recent is not set, so more than one ISSUED certificate
  # for this domain presumably makes the lookup fail - confirm which
  # certificate is expected to win during a rotation.
}
# TODO: Change to use LB module
# Application Load Balancer in front of the ECS service.
# Created when at least one of the HTTP / HTTPS listeners is enabled.
resource "aws_alb" "service" {
  count = "${(var.alb_enable_https || var.alb_enable_http) ? 1 : 0}"

  name     = "${module.label.name}"
  internal = "${var.alb_internal}"

  # Placement and network policy: subnets come from the caller, and the only
  # security group attached is the one defined in this file.
  subnets         = ["${var.alb_subnet_ids}"]
  security_groups = ["${aws_security_group.alb.id}"]

  # NOTE(review): no access_logs block and no enable_deletion_protection are
  # set here, so request logs are not retained for investigation and the
  # load balancer can be destroyed without an extra step - confirm intended.

  tags {
    Application = "${aws_ecs_task_definition.task.family}"
  }
}
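# HTTPS listener: terminates TLS on the ALB with the ACM certificate looked up
# in this file and forwards every request to the service target group.
# Only created when var.alb_enable_https is true.
resource "aws_alb_listener" "service_https" {
  count             = "${var.alb_enable_https ? 1 : 0}"
  load_balancer_arn = "${aws_alb.service.arn}"
  port              = "443"
  protocol          = "HTTPS"

  # TLS 1.2-only predefined policy. The previous value,
  # "ELBSecurityPolicy-2015-05", still negotiates TLS 1.0 and 1.1.
  # NOTE(review): clients that cannot speak TLS 1.2 will no longer connect;
  # AWS has published newer predefined policies since, so prefer the newest
  # one the client base tolerates.
  ssl_policy      = "ELBSecurityPolicy-TLS-1-2-2017-01"
  certificate_arn = "${data.aws_acm_certificate.alb.arn}"

  default_action {
    target_group_arn = "${aws_alb_target_group.service.arn}"
    type             = "forward"
  }
}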
# Plain-HTTP listener on port 80, created only when var.alb_enable_http is true.
# It forwards to the same target group as the HTTPS listener, so when both
# flags are on the service can be reached end to end without TLS.
# NOTE(review): if HTTP is only meant as an entry point, a "redirect" default
# action to HTTPS would stop cleartext requests from reaching the service -
# confirm the provider version in use supports it.
resource "aws_alb_listener" "service_http" {
  count = "${var.alb_enable_http ? 1 : 0}"

  protocol          = "HTTP"
  port              = "80"
  load_balancer_arn = "${aws_alb.service.arn}"

  default_action {
    type             = "forward"
    target_group_arn = "${aws_alb_target_group.service.arn}"
  }
}
# Target group that both listeners forward to.
# It has no count, so it is created even when neither listener is enabled.
resource "aws_alb_target_group" "service" {
  name   = "${module.label.name}"
  vpc_id = "${var.vpc_id}"

  # Traffic from the ALB to the tasks is plain HTTP on var.app_port: TLS ends
  # at the load balancer and the hop inside the VPC is not encrypted.
  protocol = "HTTP"
  port     = "${var.app_port}"

  # Every health-check setting is supplied by the caller.
  health_check {
    protocol            = "${var.alb_healthcheck_protocol}"
    port                = "${var.alb_healthcheck_port}"
    path                = "${var.alb_healthcheck_path}"
    matcher             = "${var.alb_healthcheck_matcher}"
    interval            = "${var.alb_healthcheck_interval}"
    timeout             = "${var.alb_healthcheck_timeout}"
    healthy_threshold   = "${var.alb_healthcheck_healthy_threshold}"
    unhealthy_threshold = "${var.alb_healthcheck_unhealthy_threshold}"
  }

  # Session affinity uses a cookie generated by the load balancer; whether it
  # is on, and for how long, is decided by the caller.
  stickiness {
    type            = "lb_cookie"
    enabled         = "${var.alb_stickiness_enabled}"
    cookie_duration = "${var.alb_cookie_duration}"
  }

  tags {
    Application = "${aws_ecs_task_definition.task.family}"
  }
}
# TODO: Use security group module
# Security group attached to the ALB. It declares no inline rules; the
# ingress and egress rules in this file are separate aws_security_group_rule
# resources that point at this group's id.
# Created under the same condition as the ALB itself.
resource "aws_security_group" "alb" {
  count = "${(var.alb_enable_https || var.alb_enable_http) ? 1 : 0}"

  vpc_id      = "${var.vpc_id}"
  description = "Security group for ${module.label.name} ALB"

  # name_prefix lets Terraform generate a unique name from this prefix.
  name_prefix = "alb-${module.label.name}-"

  tags {
    Application = "${aws_ecs_task_definition.task.family}"
  }
}
# Allows inbound TCP/443 to the ALB from any IPv4 address.
# Present only when var.alb_enable_https is true.
# NOTE(review): the 0.0.0.0/0 source does not depend on var.alb_internal, so
# an internal ALB gets the same open rule - confirm whether the source range
# should be narrowed to the networks that actually need to reach it.
resource "aws_security_group_rule" "alb_ingress_https" {
  count = "${var.alb_enable_https ? 1 : 0}"

  security_group_id = "${aws_security_group.alb.id}"
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 443
  to_port           = 443
  cidr_blocks       = ["0.0.0.0/0"]
}
# Allows inbound TCP/80 to the ALB from any IPv4 address.
# Present only when var.alb_enable_http is true.
# NOTE(review): the 0.0.0.0/0 source does not depend on var.alb_internal, and
# traffic admitted here is served in cleartext by the HTTP listener - confirm
# both are intended.
resource "aws_security_group_rule" "alb_ingress_http" {
  count = "${var.alb_enable_http ? 1 : 0}"

  security_group_id = "${aws_security_group.alb.id}"
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 80
  to_port           = 80
  cidr_blocks       = ["0.0.0.0/0"]
}
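# Outbound rule for the ALB: it may only open connections to members of the
# ECS security group supplied by the caller (on an egress rule,
# source_security_group_id names the destination group).
# Created under the same condition as the ALB security group.
resource "aws_security_group_rule" "alb_egress" {
  count = "${(var.alb_enable_https || var.alb_enable_http) ? 1 : 0}"
  type  = "egress"

  # protocol is "tcp" so the port range below is actually enforced. With
  # protocol "-1" the range is ignored and every protocol is allowed, which
  # is broader than needed: an ALB reaches its targets and health checks
  # over TCP only.
  # NOTE(review): the full 0-65535 range is kept in case tasks use dynamic
  # host ports; narrow it to the application and health-check ports if not.
  protocol  = "tcp"
  from_port = 0
  to_port   = 65535

  source_security_group_id = "${var.ecs_security_group_id}"
  security_group_id        = "${aws_security_group.alb.id}"
}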